Author: Corey Neskey, CISSP | | https://github.com/cneskey | https://linkedin.com/in/cneskey | @cneskey

Analysis

Overview


Scope

Scope Table
Assets at risk
Containers/Points of attack
Threat communities
Threat Types
Effects
Included Excluded Included Excluded Included Excluded Included Excluded Included Excluded
Non Public Information (NPI) Other Subnet Neighbors on Oak-Net DerpCorp AD Systems privileged insiders (DerpCorp & Vendors) deliberately Mechanical confidentiality
ServerGaugeMgmt Server on Oak-Net DerpCorp SMTP Systems non-privileged insiders (DerpCorp & Vendors) accidentally Process Failure integrity
ServerGaugeReport Server on Oak-Net DerpCorp Networking and FW Systems malicious software Natural availability
ServerGaugeIndex Server on Oak-Net DerpCorp Vulnerability Scanner Systems external attackers
ServerGaugeMonitor Server on Oak-Net DerpCorp Vendor Access
ServerGaugeSQL Server on Oak-Net DerpCorp Replicated DR Equivalent Systems
DerpCorp hypervisor Server on Oak-Net DerpCorp Backup Systems
DerpCorp sysadmin jump stations on Oak-Net DerpCorp DFS Systems
Monitored servers on Maple-Net DerpCorp Endpoint Security Management Server
Monitored servers on Birch-Net DerpCorp Endpoint Management Server

Projection The net value after factoring in costs, benefits, losses, and mitigation costs over 1 year, 2 year, and 3 years.

Plan A Expected

Year 1 Year 2 Year 3
Benefits $398,331 $796,662 $1,194,993
Costs $57,998 $64,182 $70,366
Loss $431,349 $862,698 $1,294,046
Mitigation Costs $0 $0 $0
Prevented Loss $0 $0 $0
Net -$91,015 -$522,364 -$953,713

Plan B Expected

Year 1 Year 2 Year 3
Benefits $398,331 $796,662 $1,194,993
Costs $57,998 $64,182 $70,366
Loss $339,040 $678,080 $1,017,120
Mitigation Costs $2,229 $2,229 $2,229
Prevented Loss $92,309 $184,617 $276,926
Net $91,372 -$155,359 -$679,017

Plan C Expected

Year 1 Year 2 Year 3
Benefits $398,331 $796,662 $1,194,993
Costs $57,998 $64,182 $70,366
Loss $250,357 $500,714 $751,071
Mitigation Costs $40,864 $40,864 $40,864
Prevented Loss $180,992 $361,984 $542,975
Net $230,104 $160,739 -$717,652


Given the net value after factoring in known initial and recurring costs of this project as well as the project’s known benefits, potential losses due to risks, and control mitigation costs, Derp Corp can expect to realize profit after 2 years of use of this solution provided plan B controls are implemented.

Benefits Parameters provided by experts to approximate benefits of this project

Benefits Table
Benefit UID Benefit Event Benefits Probability Benefits Lower Bound Benefits Most Likely Benefits Upper Bound Benefits Rationale Benefits Recurring_Ben
benefit-1 System performance monitoring and alerting to prevent outages where possible and reduce outage duration. 90% $63,477 $182,292 $1,718,750 LowEnd = .5 hrs of outages for 2k employees making 75k+30%bens, MostLikely = 1 hrs of outages 1.5k emps making 100k+30%bens, HighEnd = 4 hrs outages 3k emps making 300k+30%bens, TRUE
benefit-2 Remote command execution via performance agent. 50% $30 $2,000 $200,000 Assumes Upper Bound is cost of one FTE. Not part of original use-case but may be used. TRUE

Costs Parameters provided by experts to approximate the costs of this project.

Costs Table
Known Costs UID Known Cost Event Known Costs Lower Bound Known Costs Most Likely Known Costs Upper Bound Known Costs Rationale Known Costs Recurring Expense
cost-1 Product (ServerGauge) direct purchase costs $19,790 $19,790 $19,790 Actual Contract FALSE
cost-2 Product (ServerGauge) support and pro services $0 $0 $0 No Pro Services FALSE
cost-3 Internal setup and testing $1,500 $24,000 $72,000 Wage-based - Sys Engineer x 2 - 1-12 week, ML 4 weeks FALSE
cost-4 Internal initial security review $1,500 $2,800 $5,600 Wage-based - Security Analyst x 1 FALSE
cost-5 Ongoing maintenance and systems administration $1,500 $3,000 $24,000 Wage-based - Sys Engineer x 1 - 1 to 8 weeks ML 2 TRUE

Scenarios

Scenarios Table
UID Assets at risk Containers/Points of attack Threat communities Threat Types Effects Scenario
Risk-1 Non Public Information (NPI) Subnet Neighbors on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-2 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-3 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-4 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-5 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-6 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-7 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-8 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-9 Non Public Information (NPI) Monitored servers on Maple-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-10 Non Public Information (NPI) Monitored servers on Birch-Net privileged insiders (DerpCorp & Vendors) deliberately confidentiality privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-11 Non Public Information (NPI) Subnet Neighbors on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-12 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-13 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-14 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-15 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-16 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-17 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-18 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-19 Non Public Information (NPI) Monitored servers on Maple-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-20 Non Public Information (NPI) Monitored servers on Birch-Net non-privileged insiders (DerpCorp & Vendors) deliberately confidentiality non-privileged insiders (DerpCorp & Vendors) deliberately impact the confidentiality of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-21 Non Public Information (NPI) Subnet Neighbors on Oak-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-22 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-23 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-24 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-25 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-26 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-27 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-28 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-29 Non Public Information (NPI) Monitored servers on Maple-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-30 Non Public Information (NPI) Monitored servers on Birch-Net malicious software deliberately confidentiality malicious software deliberately impact the confidentiality of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-31 Non Public Information (NPI) Subnet Neighbors on Oak-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-32 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-33 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-34 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-35 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-36 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-37 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-38 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-39 Non Public Information (NPI) Monitored servers on Maple-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-40 Non Public Information (NPI) Monitored servers on Birch-Net external attackers deliberately confidentiality external attackers deliberately impact the confidentiality of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-41 Non Public Information (NPI) Subnet Neighbors on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-42 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-43 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-44 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-45 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-46 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-47 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-48 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-49 Non Public Information (NPI) Monitored servers on Maple-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-50 Non Public Information (NPI) Monitored servers on Birch-Net privileged insiders (DerpCorp & Vendors) accidentally confidentiality privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-51 Non Public Information (NPI) Subnet Neighbors on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-52 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-53 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-54 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-55 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-56 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-57 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-58 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-59 Non Public Information (NPI) Monitored servers on Maple-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-60 Non Public Information (NPI) Monitored servers on Birch-Net non-privileged insiders (DerpCorp & Vendors) accidentally confidentiality non-privileged insiders (DerpCorp & Vendors) accidentally impact the confidentiality of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-61 Non Public Information (NPI) Subnet Neighbors on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-62 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-63 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-64 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-65 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-66 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-67 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-68 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-69 Non Public Information (NPI) Monitored servers on Maple-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-70 Non Public Information (NPI) Monitored servers on Birch-Net privileged insiders (DerpCorp & Vendors) deliberately integrity privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-71 Non Public Information (NPI) Subnet Neighbors on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-72 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-73 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-74 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-75 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-76 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-77 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-78 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-79 Non Public Information (NPI) Monitored servers on Maple-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-80 Non Public Information (NPI) Monitored servers on Birch-Net non-privileged insiders (DerpCorp & Vendors) deliberately integrity non-privileged insiders (DerpCorp & Vendors) deliberately impact the integrity of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-81 Non Public Information (NPI) Subnet Neighbors on Oak-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-82 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-83 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-84 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-85 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-86 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-87 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-88 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-89 Non Public Information (NPI) Monitored servers on Maple-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-90 Non Public Information (NPI) Monitored servers on Birch-Net malicious software deliberately integrity malicious software deliberately impact the integrity of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-91 Non Public Information (NPI) Subnet Neighbors on Oak-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-92 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-93 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-94 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-95 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-96 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-97 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-98 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-99 Non Public Information (NPI) Monitored servers on Maple-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-100 Non Public Information (NPI) Monitored servers on Birch-Net external attackers deliberately integrity external attackers deliberately impact the integrity of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-101 Non Public Information (NPI) Subnet Neighbors on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-102 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-103 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-104 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-105 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-106 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-107 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-108 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-109 Non Public Information (NPI) Monitored servers on Maple-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-110 Non Public Information (NPI) Monitored servers on Birch-Net privileged insiders (DerpCorp & Vendors) accidentally integrity privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-111 Non Public Information (NPI) Subnet Neighbors on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-112 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-113 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-114 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-115 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-116 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-117 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-118 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-119 Non Public Information (NPI) Monitored servers on Maple-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-120 Non Public Information (NPI) Monitored servers on Birch-Net non-privileged insiders (DerpCorp & Vendors) accidentally integrity non-privileged insiders (DerpCorp & Vendors) accidentally impact the integrity of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-121 Non Public Information (NPI) Subnet Neighbors on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-122 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-123 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-124 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-125 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-126 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-127 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-128 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-129 Non Public Information (NPI) Monitored servers on Maple-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-130 Non Public Information (NPI) Monitored servers on Birch-Net privileged insiders (DerpCorp & Vendors) deliberately availability privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-131 Non Public Information (NPI) Subnet Neighbors on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-132 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-133 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-134 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-135 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-136 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-137 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-138 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-139 Non Public Information (NPI) Monitored servers on Maple-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-140 Non Public Information (NPI) Monitored servers on Birch-Net non-privileged insiders (DerpCorp & Vendors) deliberately availability non-privileged insiders (DerpCorp & Vendors) deliberately impact the availability of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-141 Non Public Information (NPI) Subnet Neighbors on Oak-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-142 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-143 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-144 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-145 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-146 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-147 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-148 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-149 Non Public Information (NPI) Monitored servers on Maple-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-150 Non Public Information (NPI) Monitored servers on Birch-Net malicious software deliberately availability malicious software deliberately impact the availability of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-151 Non Public Information (NPI) Subnet Neighbors on Oak-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-152 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-153 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-154 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-155 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-156 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-157 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-158 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-159 Non Public Information (NPI) Monitored servers on Maple-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-160 Non Public Information (NPI) Monitored servers on Birch-Net external attackers deliberately availability external attackers deliberately impact the availability of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-161 Non Public Information (NPI) Subnet Neighbors on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-162 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-163 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-164 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-165 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-166 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-167 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-168 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-169 Non Public Information (NPI) Monitored servers on Maple-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-170 Non Public Information (NPI) Monitored servers on Birch-Net privileged insiders (DerpCorp & Vendors) accidentally availability privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through Monitored servers on Birch-Net.
Risk-171 Non Public Information (NPI) Subnet Neighbors on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through Subnet Neighbors on Oak-Net.
Risk-172 Non Public Information (NPI) ServerGaugeMgmt Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeMgmt Server on Oak-Net.
Risk-173 Non Public Information (NPI) ServerGaugeReport Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeReport Server on Oak-Net.
Risk-174 Non Public Information (NPI) ServerGaugeIndex Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeIndex Server on Oak-Net.
Risk-175 Non Public Information (NPI) ServerGaugeMonitor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeMonitor Server on Oak-Net.
Risk-176 Non Public Information (NPI) ServerGaugeSQL Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through ServerGaugeSQL Server on Oak-Net.
Risk-177 Non Public Information (NPI) DerpCorp hypervisor Server on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through DerpCorp hypervisor Server on Oak-Net.
Risk-178 Non Public Information (NPI) DerpCorp sysadmin jump stations on Oak-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through DerpCorp sysadmin jump stations on Oak-Net.
Risk-179 Non Public Information (NPI) Monitored servers on Maple-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through Monitored servers on Maple-Net.
Risk-180 Non Public Information (NPI) Monitored servers on Birch-Net non-privileged insiders (DerpCorp & Vendors) accidentally availability non-privileged insiders (DerpCorp & Vendors) accidentally impact the availability of Non Public Information (NPI) through Monitored servers on Birch-Net.

ECDF


ECDF…

Density


Density…

Violin


Violin…

Swarm


Swarm…

Box


Box…

Ridge


Ridge

Assessment Methodology

Methodology Criteria

A risk analysis should meet local, city, state, federal, and international compliance criteria and yield a corresponding risk assessment report. The criteria and objective of this analysis is as follows:

  1. To create a list of threats that the entity may become exposed to as a result of the changes presented in discussion with stakeholders.
  2. To communicate the estimated probability and impact of such threats.
  3. To create a list of controls/mitigation strategies that may reduce the probability, impact or uncertainty of the listed threats.
  4. To communicate the measure of how much the probability, impact or uncertainty of the listed threats is modified by the controls/mitigation strategies considered.
  5. To communicate the benefit of controls under consideration and costs associated with them.

Methodology Standardization & Interoperability

The taxonomy chosen is based on Open Group’s Factor Analysis of Information Risk (FAIR) standard, an open and independent information risk analysis methodology. This ensures transparency, continuity, and interoperability with other major standards.

The Open Group is an industry consortium that facilitates business objectives by developing open, vendor-neutral technology standards and certifications.The Open Group published two Open FAIR standards that form the risk taxonomy followed:

The FAIR Institute maintains publicly available documentation, resources, community events and other modes of promotion, training, and collaboration.

Deviations from Standard

The methodology used for this assessment deviates from published standards where those standards deviate from scientifically rigorous literature that meets the following criteria:

An annotated review of the scientific literature supporting each component of this methodology may be found here.

Methodology

Scope definition, estimate parameters and commentary are collected using a format comfortable to most users, a spreadsheet. A companion spreadsheet is provided with this tool which is interoperable with major spreadsheet rendering software such as Microsoft Office Excel and Google Sheets. The only variable that needs to be entered into this tool is the address or filepath to the companion spreadsheet containing the scope components, estimate parameters, and desired commentary.

companion spreadsheet opened in Google Sheets.

companion spreadsheet opened in Microsoft Excel.

Data is collected in the form of interviews, documentation review, and/or receptor-based discovery scanning in order to define the scope of the assessment. Abstractions of the components within scope are categorized into areas: Assets, Containers / Points of Attack, Agent / Threat Communities, Threat Types, and Threat Effects.

NOTICE: Each column is an independent list. i.e. the contents of rows do not relate to each other.

Scenario Building

Loss scenarios are generated by exhausting all combinations of the components identified as in scope. Implausible scenarios are removed e.g. non-malicious malware. Scenario components are strung together to form the respective scenario.

Parameter Definition

Probability and impact parameters are defined from the integration of data and calibrated subject matter experts for each of the loss scenarios. Predefined distribution parameters and/or hyper-parameters of a loss event are used where they are available and credible.

To take advantage of a person’s natural Bayesian tendencies, calibration questions and responses take the form of frequency formats instead of percentages or fractions.

Frequency formats communicate information to experts in a form that more closely resembles the natural sampling observed in animal foraging and neural networks. What is 1% in standard format would be “10 in 100” in frequency format.

Control Planning

This risk assessment tool facilitates the comparison of different combinations of controls that may reduce the probability, impact, or uncertainty of loss events. The tool calls the first theoretical combination of loss events and controls “Plan-A”. Plan-A represents the absence of any controls in order to establish a baseline or “inherent risk”. Plan-B is the second combination of controls. This is where analysts may list controls that are in place and additional controls that they are considering implementing. Plan C is where the analyst would enter an alternative set or combination of controls which require comparison.

After controls have been entered as column headers under “Controls” the check boxes are used to indicate which loss scenarios that control effects.

e.g. The “Malware scans nightly” control is an applicable control to the Threat Community entries that contain “malicious software”.

Simulation

Monte Carlo Simulation is used to generate a dataset using the parameters provided. The simulations consist of at least 10,000 variations of each loss scenario.

Analysis

The resulting approximating dataset is then analyzed using appropriate statistical methodologies.

Reporting / Communication

Background and scope may be communicated alone or alongside visuals by entering the desired text into the respective sections in the Commentary tab of the spreadsheet.

After analysis has concluded, conclusions and recommendations may also be communicated alone or alongside visuals by entering the desired text into the respective sections of the Commentary tab of the companion spreadsheet.

Col2